Fedora alert FEDORA-2008-11551 (kazehakase)

From:
    	     
 
updates@fedoraproject.org
To:
    	     
 
fedora-package-announce@redhat.com
Subject:
    	     
 
[SECURITY] Fedora 8 Update: kazehakase-0.5.6-1.fc8.2
Date:
    	     
 
Sun, 21 Dec 2008 08:43:41 +0000
Message-ID:
    	     
 
<20081221084341.CD5CC208DE7@bastion.fedora.phx.redhat.com>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-11551
2008-12-21 00:44:01
--------------------------------------------------------------------------------

Name        : kazehakase
Product     : Fedora 8
Version     : 0.5.6
Release     : 1.fc8.2
URL         : http://kazehakase.sourceforge.jp/
Summary     : Kazehakase browser using Gecko rendering engine
Description :
Kazehakase is a Web browser which aims to provide
a user interface that is truly user-friendly & fully customizable.

This package uses Gecko for HTML rendering engine.

--------------------------------------------------------------------------------
Update Information:

Update to the new upstream Firefox release 2.0.0.19 fixing multiple security
issues:  http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.19    This update also contains new
builds of all applications depending on Gecko libraries, built against the new
version.    Note: after the updated packages are installed, Firefox must be
restarted for the update to take effect.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2008 Christopher Aillon <caillon@redhat.com> - 0.5.6-1.2
- Rebuild against newer gecko
* Wed Nov 12 2008 Christopher Aillon <caillon@redhat.com> - 0.5.6-1.1
- Rebuild against newer gecko
* Fri Oct 31 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.6-1
- 0.5.6
- -UGTK_DISABLE_DEPRECATED hack removed (hack introduced in upstream)
* Wed Sep 24 2008 Christopher Aillon <caillon@redhat.com>
- Rebuild against newer gecko (F-9/8)
* Tue Aug  5 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp>
- Try rev. 3509
* Wed Jul 30 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.5-1
- 0.5.5
* Sat Jul 19 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-7.svn3506_trunk
- F-9+: relax gecko libs dependency (as GRE_GetGREPathWithProperties properly
  finds out GRE)
- F-10+: add -UGTK_DISABLE_DEPRECATED temporarily
* Tue Jul 15 2008 Christopher Aillon <caillon@redhat.com>
- Rebuild against newer gecko (F-8)
* Wed Jul  2 2008 Christopher Aillon <caillon@redhat.com>
- Rebuild against newer gecko (F-8)
* Sat Jun 28 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-6.svn3506_trunk
- Try rev 3506
- Workaround for bug 447444 (xulrunner vs hunspell conflict) (F-9+)
* Wed Jun 25 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-5
- Apply xulrunner related patches from debian by Mike Hommey
  (debian bug 480796, rh bug 402641)
  This time kazehakase actually works with xulrunner!
* Tue Apr 29 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-4
- Remove redundant description per rel-eng team request
* Wed Apr 23 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-3
- F-9: temporizing fix for xulrunner
  * Enable gtk-mozembed - don't work at all, however does not crash
  * force to install WebKit version
* Wed Apr 16 2008 Christopher Aillon <caillon@redhat.com> - 0.5.4-2.1
- Rebuild against newer gecko (F-8/9)
* Mon Apr 14 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-2
- Rebuild for new WebKit (F-7/8: bug 438531)
* Sun Mar 30 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-1
- 0.5.4
* Fri Mar 28 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.3-6.svn3501_trunk
- Try svn 3501 (still not work against xulrunner :( )
* Tue Mar 25 2008 Christopher Aillon <caillon@redhat.com> - 0.5.3-5
- Rebuild against newer gecko (F-7/8)
* Wed Mar  5 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.3-4
- Create kazehakase-base, split gecko.so from -base package
  so that users can install only WebKit based package.
* Sun Mar  2 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.3-3
- Support WebGTK
* Sat Mar  1 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.3-1
- 0.5.3
* Fri Feb 29 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.2-8.svn3410_trunk
- More try to use xulrunner
  * GRE version fix
  * Remove seemingly undesirable linking
* Sun Feb 24 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.2-7.svn3391_trunk
- More try to use xulrunner
  * Fix linkage for gecko.so
  * Don't use MOZILLA_INTERNAL_API anymore
  * NS_NewStorageStream should be changed to use xpcom
    http://developer.mozilla.org/en/docs/Migrating_from_Inter...
* Sat Feb 23 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.2-2.svn3391_trunk
- F-9: Try latest svn for xulrunner
* Fri Feb 15 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.2-1.2.svn3358
- F-9: Try latest svn for xulrunner
  (Still build explicitly disabled. Now it builds, does not crash
   but hangs eternally...)
* Sat Feb  9 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp>
- Rebuild for new gecko engine (F-7/F-8)
* Wed Jan 30 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.2-1
- 0.5.2
* Tue Nov 27 2007 Christopher Aillon <caillon@redhat.com>
- F-7/8: Rebuild against newer gecko
* Mon Nov 12 2007 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.0-2
- F-9: try to switch to xulrunner
* Tue Nov  6 2007 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.0-1.dist.1
- Rebuild against new gecko engine
- Switch to use gecko virtual dependency (bug 352091)
* Mon Oct 29 2007 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.0-1
- 0.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #476266 - CVE-2008-5500 Layout engine crashes - Firefox 2 and 3
        https://bugzilla.redhat.com/show_bug.cgi?id=476266
  [ 2 ] Bug #476281 - CVE-2008-5508 Firefox errors parsing URLs with control characters
        https://bugzilla.redhat.com/show_bug.cgi?id=476281
  [ 3 ] Bug #476289 - CVE-2008-5513 Firefox XSS vulnerabilities in SessionStore
        https://bugzilla.redhat.com/show_bug.cgi?id=476289
  [ 4 ] Bug #476272 - CVE-2008-5503 Firefox 2  Information stealing via loadBindingDocument
        https://bugzilla.redhat.com/show_bug.cgi?id=476272
  [ 5 ] Bug #476273 - CVE-2008-5504 Firefox 2 XSS attack vectors in feed preview
        https://bugzilla.redhat.com/show_bug.cgi?id=476273
  [ 6 ] Bug #476278 - CVE-2008-5506 Firefox XMLHttpRequest 302 response disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=476278
  [ 7 ] Bug #476285 - CVE-2008-5511 Firefox XSS via XBL bindings to unloaded document
        https://bugzilla.redhat.com/show_bug.cgi?id=476285
  [ 8 ] Bug #476280 - CVE-2008-5507 Firefox Cross-domain data theft via script redirect error
message
        https://bugzilla.redhat.com/show_bug.cgi?id=476280
  [ 9 ] Bug #476283 - CVE-2008-5510 Firefox null characters ignored by CSS parser
        https://bugzilla.redhat.com/show_bug.cgi?id=476283
  [ 10 ] Bug #476287 - CVE-2008-5512 Firefox JavaScript privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=476287
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kazehakase' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...